Fix bounded mailboxes, worker startup race, stale admin signal (#78, #79, #81)#98
Merged
… signal (#78, #79, #81)

- #78: Replace unbounded actor mailbox channels with bounded (capacity 10,000) to prevent OOM DoS from message flooding. Add spawn_with_capacity() API, diagnostic logging for dropped messages, and shutdown deadlock protection.
- #79: Add watch-channel ready signal between StateActor and NetworkActor so gossip drain tasks wait for StateActor initialization before processing events.
- #81: Replace get_untracked() with reactive get() for peer_id in member_list.rs permission checks (lines 46, 124, 178, 227) for consistent reactive patterns.

https://claude.ai/code/session_0138qk6y8FcdTUbrVFaH7FXH
Summary
- #78: Replace unbounded actor mailbox channels with bounded (capacity 10,000) to prevent OOM DoS from message flooding. Add `spawn_with_capacity()` API, diagnostic `tracing::warn!` for dropped messages, and shutdown deadlock protection.
- #79: Add `tokio::sync::watch` ready signal between `StateActor` and `NetworkActor` so gossip drain tasks wait for `StateActor` initialization before processing events. Backward compatible — omitting the signal preserves immediate drain behavior.
- #81: Replace `get_untracked()` with reactive `get()` for `peer_id` in `member_list.rs` reactive closures (lines 46, 124, 178, 227) for consistent reactive patterns. Line 247 correctly remains `get_untracked()` (event handler context).

Closes #78
Closes #79
Closes #81
Test plan
- `mailbox_drops_messages_when_capacity_exceeded` — verifies bounded channel rejects sends when full (channel-level + actor-level with `spawn_with_capacity`)
- `shutdown_succeeds_with_full_mailbox` — verifies shutdown doesn't deadlock when a mailbox is full
- `pre_buffered_events_wait_for_state_ready_signal` — 3 pre-buffered gossip events all arrive after ready signal fires
- `network_actor_drains_immediately_without_ready_signal` — backward compat: drain starts immediately when no ready signal is provided
- `admin_buttons_hide_when_admin_status_revoked` — admin buttons reactively hide when `admin_ids` signal changes
- `admin_buttons_respond_to_peer_id_change` — admin buttons reactively hide when `peer_id` signal changes (validates `get()` vs `get_untracked()`)

https://claude.ai/code/session_0138qk6y8FcdTUbrVFaH7FXH
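The following is an added, self-contained Rust illustration of the two actor mechanisms the PR describes (#78 and #79); it is example code written for this page, not the project's own implementation. It shows a bounded mailbox whose `try_send` drops and counts messages when full instead of growing memory, a shutdown path that is a flag rather than a mailbox message (so a full mailbox cannot block it), and a ready signal the worker waits on before draining events buffered during startup. It uses only the standard library: `std::sync::mpsc::sync_channel` stands in for tokio's bounded mpsc and a `Mutex<bool>` plus `Condvar` pair stands in for `tokio::sync::watch`. `Msg`, `ReadySignal`, `Actor`, `flood_then_shutdown`, and the signature given here to `spawn_with_capacity` are assumptions made for the example.

```rust
use std::sync::atomic::{AtomicBool, AtomicU64, Ordering};
use std::sync::mpsc::{sync_channel, Receiver, RecvTimeoutError, SyncSender, TrySendError};
use std::sync::{Arc, Condvar, Mutex};
use std::thread::{self, JoinHandle};
use std::time::Duration;

/// Constructed message type for this example (hypothetical, not the project's).
#[derive(Debug)]
pub enum Msg {
    Event(u64),
}

/// Stand-in for a tokio::sync::watch ready signal: a flag plus a condvar that
/// the worker blocks on until the state side reports it is initialised.
#[derive(Default)]
pub struct ReadySignal {
    ready: Mutex<bool>,
    cv: Condvar,
}

impl ReadySignal {
    pub fn set_ready(&self) {
        *self.ready.lock().unwrap() = true;
        self.cv.notify_all();
    }

    /// Block until ready. Returns false if shutdown is requested first, so a
    /// worker that never receives the signal can still be stopped.
    fn wait_or_shutdown(&self, shutdown: &AtomicBool) -> bool {
        let mut g = self.ready.lock().unwrap();
        loop {
            if *g {
                return true;
            }
            if shutdown.load(Ordering::SeqCst) {
                return false;
            }
            g = self.cv.wait_timeout(g, Duration::from_millis(10)).unwrap().0;
        }
    }
}

/// Sender side of a bounded mailbox. try_send never blocks and never buffers
/// beyond the capacity: a full mailbox drops the message and counts the drop.
pub struct Mailbox {
    tx: SyncSender<Msg>,
    pub dropped: Arc<AtomicU64>,
}

impl Mailbox {
    pub fn try_send(&self, msg: Msg) -> bool {
        match self.tx.try_send(msg) {
            Ok(()) => true,
            Err(TrySendError::Full(m)) => {
                let n = self.dropped.fetch_add(1, Ordering::Relaxed) + 1;
                // Stand-in for tracing::warn!; a real actor should rate-limit this.
                eprintln!("warn: mailbox full, dropped {:?} (total dropped: {})", m, n);
                false
            }
            Err(TrySendError::Disconnected(_)) => false,
        }
    }
}

pub struct Actor {
    pub mailbox: Mailbox,
    pub processed: Arc<AtomicU64>,
    shutdown: Arc<AtomicBool>,
    worker: Option<JoinHandle<()>>,
}

impl Actor {
    /// Spawn a worker behind a mailbox of `capacity`. With a ready signal the
    /// worker waits for it before draining, so events buffered during startup
    /// are handled only once the state is initialised.
    pub fn spawn_with_capacity(capacity: usize, ready: Option<Arc<ReadySignal>>) -> Actor {
        let (tx, rx): (SyncSender<Msg>, Receiver<Msg>) = sync_channel(capacity);
        let processed = Arc::new(AtomicU64::new(0));
        let shutdown = Arc::new(AtomicBool::new(false));
        let (p, s) = (processed.clone(), shutdown.clone());
        let worker = thread::spawn(move || {
            if let Some(r) = ready {
                if !r.wait_or_shutdown(&s) {
                    return; // shut down before ready: process nothing
                }
            }
            while !s.load(Ordering::SeqCst) {
                match rx.recv_timeout(Duration::from_millis(10)) {
                    Ok(_msg) => {
                        p.fetch_add(1, Ordering::Relaxed);
                    }
                    Err(RecvTimeoutError::Timeout) => continue,
                    Err(RecvTimeoutError::Disconnected) => return,
                }
            }
            // Graceful stop: drain what is already queued, then exit.
            while rx.try_recv().is_ok() {
                p.fetch_add(1, Ordering::Relaxed);
            }
        });
        let mailbox = Mailbox { tx, dropped: Arc::new(AtomicU64::new(0)) };
        Actor { mailbox, processed, shutdown, worker: Some(worker) }
    }

    /// Shutdown is a flag, not a mailbox message, so a full mailbox cannot
    /// block it. Returns the number of messages processed.
    pub fn shutdown(mut self) -> u64 {
        self.shutdown.store(true, Ordering::SeqCst);
        if let Some(h) = self.worker.take() {
            h.join().unwrap();
        }
        self.processed.load(Ordering::Relaxed)
    }
}

/// Scenario: flood a capacity-`cap` mailbox with `n` events before the ready
/// signal fires, then optionally fire it and shut down.
/// Returns (accepted, dropped, processed).
pub fn flood_then_shutdown(cap: usize, n: u64, fire_ready: bool) -> (u64, u64, u64) {
    let ready = Arc::new(ReadySignal::default());
    let actor = Actor::spawn_with_capacity(cap, Some(ready.clone()));
    let accepted = (0..n).filter(|&i| actor.mailbox.try_send(Msg::Event(i))).count() as u64;
    let dropped = actor.mailbox.dropped.load(Ordering::Relaxed);
    if fire_ready {
        ready.set_ready();
    }
    let processed = actor.shutdown();
    (accepted, dropped, processed)
}

fn main() {
    let (a, d, p) = flood_then_shutdown(4, 6, true);
    println!("accepted={} dropped={} processed={}", a, d, p);
}
```

Because the worker is parked on the ready signal while the flood arrives, the mailbox fills deterministically: with capacity 4 and 6 sends, 4 are accepted and 2 dropped, and all 4 are processed only after `set_ready`. Shutting down without ever firing the signal returns promptly with nothing processed, which is the startup-race protection the ready signal exists for; the drop log itself is a per-message write and should be rate-limited in production so the diagnostic cannot become its own flood.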